Being the most notorious hacker in the world is a lonely place to be. For months, the hacker known as Sabu, hacker for the Anonymous hacktivist collective and leader of the Lulzsec hacking group, has been leading the best of the world's law enforcement on a Benny Hill-style chase across the globe - thumbing his nose at their Keystone Cops-like inability to catch him. But the Benny Hill music is fading and the people running with him have been gradually picked off, or fallen by the wayside, one by one. He's been running alone lately and an ominous recent Twitter message suggests that Sabu may have had enough and vanished into the night.

There will be those that are outraged at any attempt to romanticise Sabu's actions. He has, after all, broken a heap of laws and globally humiliated the likes of the FBI, CIA, Sony and US military contractor, HBGary to name but a few. One certainly can't endorse that. But he's in interesting company.

Billy The Kid is summed up like this in Wikipedia, "his cunning and celebrated skill with firearms, contributed to his paradoxical image, as both a notorious outlaw and beloved folk hero" while Ned Kelly was, 'considered by some merely a cold-blooded killer, while by others a folk hero and symbol of Irish Australian resistance against oppression by the British ruling class for his defiance of the colonial authorities.' As "romanticised" "loveable rogues" go, has there yet been a better example for the 21st Century? If the requirements are notoriety, fighting authority and a polarised following of fans and haters, does Sabu fit the bill?

He's even got an arch-nemesis with an arch-nemesis name: The Jester (properly known as th3 j35t3r) is a high-profile, lone wolf hacktivist who also has been skilful enough to remain anonymous for many years despite having a huge target on his back. However, US law enforcement is unlikely to be pushing many resources after him: his Red White and Blue blood and Star-Spangled zeal have meant that his targets have been America's enemies and he cites Lulzsec and especially Sabu in that category. He even says that Sabu is a terrorist recruiter.

On the one hand, Sabu's actions haven't overtly suggested an agenda of personal gain and appear to (at least on the surface) have been motivated primarily by desire to expose the corrupt and humiliate the establishment (for laughs). There's also the fact that some of what he did has had positive effects - for all the security leaks he's caused, he's also put the importance of online security on the front page of almost every major news website in the world. It hasn't gone unappreciated by the security community.

On a more anarchic front (and again, one can't possibly condone it) the way he has evaded capture in this world of Jason-Bourne-and-Jack Bauer-level, high-tech law enforcement, and showed that a regular person can still take on The Man and get away with it, shows such nerve/cheek/chutzpah/daring do that only the most stone-hearted conservative can't be impressed in some way. At least a little bit. Here's a rebel. And people like rebels.

Nonetheless, Jester and Sabu have been barracking each other on Twitter for months and even challenged each other to meet up at the recent large hacker convention, Def Con.

Jester is certainly not alone. Many hackers are after Sabu and for a variety of reasons. Some don't trust him, others are jealous, some hate what's he's doing and others think he's a rat. Many have tried to expose him - he's been outed and named numerous times, but clearly the wrong person has been fingered on each occasion.

However, lately things have escalated. Jester's taunting seems to be hitting some nerves and he seems to be dealing with more naysayers than fans these days - the laughing crowd has dispersed, the old gang is fragmented and an unfriendly mob has been left in its place. He responds to much of the criticism too, taking things personally at times. But matters appeared to come to a head when he published an exchange between himself and a former trusted friend called Virus. It has shades of Michael Corleone telling Fredo, "I know it was you."

In the exchange, despite both claiming to be experts in Social Engineering, both appear to let a heap of personal information slip in exchanges that alternate between emotional and restrained. While it could all be an elaborate social engineering double bluff to steer authorities elsewhere, it's unlikely as the two former collaborators devolve into accusing each other for ratting out their colleagues to the police.

In the transcript, Sabu says he is a "seasoned security researcher going back to mid to late 90s" and that he has spoken on the phone with Virus, who he names. In return, Virus says Sabu had a New York accent. From being an anonymous, genderless entity that could have resided anywhere in the world, Sabu's proclivity for open communication has narrowed the list of possibilities as to his identity substantially.

After a heap of accusations, Sabu is accused of ratting on Lulzsec spokesman, Topiary, to save himself. The jibe is unfounded and based solely on the fact that Sabu is free while Topiary isn't. Nonetheless, in reply Sabu interestingly describes how Topiary probably got caught:

I can tell you exactly how he got knocked... and if you actually knew anything you'd know how it went down too. for a hot minute there was some troll on twitter that'd hit up topiary's twitter mentions with... "jake from shetland". he got it from an xbox forums. topiary was an avid xbox gamer. was known in the community talked a lot. one of the forum users doxed him [doxed is making all of someone's personal details publicly visible on the internet] and kept throwing the info out there. enough that someone was smart enough to make the connection.

Ultimately, less-skilled colleagues like Topiary have either been caught or merged into the background meaning that vocal support for his actions have dried up. He's also clearly concerned at recent arrests of other hackers caught up in recent hacktivist activities, like Operation Payback, which targeted PayPal. During the initial attack on Paypal, word spread of how people could join in the giant Distributed Denial of Service Attack (which sends so many requests to a website that it becomes inaccessible). At the time, there was social media hysteria about how people could, threat free, join in by downloading and using Anonymous' DDoS computer program. There's even a spoof Downfall video of it.

The general attitude was that, if someone found the piece of offending software on your computer, you could just deny all knowledge of how it got there. That line of defence is about to be extremely tested by fourteen people recently arrested for participating in the attack. Many thousands joined in but the law is wanting to make an example of those few that it has arrested. The charges are severe and a far cry from people installing an app, pressing a button and laughing as PayPal became inaccessible for a while.

Conviction will bring with it the possibility of jail for fifteen years plus a potential $500,000 in fines. One celebrated defendant, 20-year-old Mercedes Haefer, has had a website set up in an effort to assist with legal fees and Sabu is promoting her case. Nonetheless, he seems to be stung at taunts that casualties like this are the fault of people like him.

Sabu's last Tweet was two days ago and read "The greatest trick the devil ever pulled was convincing the world he did not exist. And like that... he is gone."

Two days is a long absence for Sabu to be quiet, but he must have been feeling the heat for some time. The lulz have been silenced and every recent action and announcement has been met with a combative and cynical response. Now observers are waiting to see if the talkative Sabu can really keep quiet. It doesn't seem to be in his nature. After all, Lulzsec resurfaced quickly after its initial 50-day rampage formally ended. It's unlikely that someone of his talents can adopt another online persona without sticking out like a sore thumb in the hacking community. Perhaps, he'll fade into Anonymous again?

The trouble with outlaws is that things rarely end well. Going out in a blaze of glory could be an option; whether it's one final epic hack or a high-profile arrest. Time will tell, but Sabu will be wary that Bin Laden got caught after ten years and there are at least some clues as to his identity lying around.

What of his legacy? On a positive note, major corporations, small businesses and governments have finally realised the importance of cyber security. While Lulzsec operated in the open, it ultimately used tools and methods that criminal hackers have known about for years - but not got any media attention. Nonetheless, some will say that the people who got hurt along the way (whether through arrest or having their private details published) were not worth the price.

Sabu himself has said that the HBGary hack was the one he was most proud of. The vast amount of confidential information leaked from that is still being sifted through but troubling details of government black opshave come to light from it. This is another topic that will divide people in the way that Wikileaks has already has.

Will we see him again? Who knows? Who cares? Other hackers are already getting less spotlight now that he (and Lulzsec) aren't around to reply to taunts. While Jester might be claiming a win, one wonders if losing a nemesis will leave some kind of hole in his life. The general public moved on ages ago. Observers like me will have to find another sideshow to sit back and enjoy with popcorn. But online security people can only have benefitted from the actions of this potential, Twenty-first Century Billy The Kid and many people will be safer online because of that.

Commenter :

Easy :

20 Aug 2011 10:55:10pm

"On a positive note, major corporations, small businesses and governments have finally realised the importance of cyber security."

Not really. This is hardly anything new. All of the 'lulz' was basically the equivalent of throwing a brick through a car windshield, then standing there with your hands indicating the shattered glass. "See? You see what happens?"

Me :

20 Aug 2011 8:03:14pm

Sabu did not leave because of "the dox." Sabu knows the police have his address and location. His residence in the E Village, his GF in Queens, his best friend in Brooklyn, have been discussed on Twitter for *months.*

It is being pushed hard now because Marduk and others are feeling a little heat and trying to make a little noise. The longer Sabu is "free" is more time the FBI have to find the others, so the others have incentive to try and force an arrest.

This is SE so transparent and yet so effective. Make a lot of noise, repeat "Dox" the same guy over and over (notice the habitual phrasing), create a mysterious "group" or rival for the same media audience. They steal attention away from real intelligence and researchers, create a huge distraction, and impede investigations.

NickRoss :

20 Aug 2011 8:48:07pm

Hi Tony,

Thanks for your feedback. I fear I may need to clarify a few things for you though.

I didn't mention all the positive hacktivist anons in this article because this article is about Sabu possibly being a modern day Billy The Kid. The other hacktivist activity you mention is largely down to other anons who aren't the subject of this article. It's already a very long article so adding all of this stuff would have made it even longer.

Also, "fetching the popcorn" isn't supposed to be taken literally. It's a popular saying for when an argument or general occurrence is taking place and there are bystanders present - it's often wheeled out on Twitter. I actually do work really :3

Thanks for your forgiveness though. One can never have enough of that.

What are you doing now you're not at the ABC out of interest? Do you miss it?

Anon Supporter :

21 Aug 2011 3:27:12pm

I have to disagree with you there to be honest. Hacks like HBGary are a lot more than "just for kicks". They expose how corrupt the establishment actually is in its attitude of "only our opponents have to follow the law, we are above it."

If the activities being planned by HBGary were planned by ordinary citizens you can bet every one of them would have been charged with conspiracy by now. But because it's government sponsored they'll get a nice little hissy fit in congress possibly, followed by an almighty cover up.

People like Sabu and groups like Anonymous couldn't survive without their 'legion'. That legion is made up of extremely angry people who are tired of being told we live in a democracy, when we actually don't.

Until such corruption is stamped out and policed, expect that Anon's proclamation from their original Scientology video will hold, and that is "For every Anon that falls, ten more will take his place."

Ergo I don't think it's fair to say that Sabu is the bad guy. He's done some bad things, but he's also done a LOT of good things. The number of scandals his activities have exposed within the government/corporate axis have sadly been ignored in favour of reporting on his activities themselves.

Twitter

How Does this Site Work?

This site is where you will find ABC stories, interviews and videos on the subject of Technology and Games. As you browse through the site, the links you follow will take you to stories as they appeared in their original context, whether from ABC News, a TV program or a radio interview. Please enjoy.

Best of abc.net.au

Boutique cheese imports up

Australian boutique cheesemakers say the growing levels of imports in their field make it hard to compete.

How Does this Site Work?

This site is where you will find ABC stories, interviews and videos on the subject of Technology and Games. As you browse through the site, the links you follow will take you to stories as they appeared in their original context, whether from ABC News, a TV program or a radio interview. Please enjoy.